
Configuring SAML SSO with UltiPro and PingOne for Enterprise

Learn how to enable UltiPro sign-on from the PingOne for Enterprise console (IdP-initiated sign-on) and direct UltiPro sign-on using PingOne for Enterprise (SP-initiated sign-on).

Before you begin

  • Link PingOne for Enterprise to an identity repository containing the users requiring application access.

  • Populate UltiPro with at least one user to test access.

  • You must have administrative access to PingOne for Enterprise.

Add the UltiPro application to PingOne for Enterprise

  1. Sign on to PingOne for Enterprise and go to Applications → My Applications.

  2. On the SAML tab, click Add Application.

    Screen capture of PingOne for Enterprise My Applications page on the SAML tab, with the Add Application dropdown menu opened and New SAML Application selected.
  3. Enter UltiPro as the application name.

  4. Enter a suitable description.

  5. For the category, select Human Resources.

  6. Click Continue to Next Step.

  7. Set Assertion Consumer Service (ACS) to https://placeholder and set Entity ID to placeholder.

    You’ll update these values later.

  8. Click Continue to Next Step.

  9. Click Add new attribute.

    Screen capture of PingOne for Enterprise SSO Attribute Mapping section with the Add new attribute button highlighted in red.
  10. Add the SAML_SUBJECT attribute and map it to the value required by UltiPro.

    Screen capture of PingOne for Enterprise Application Attribute table with SAML_SUBJECT highlighted in red in both the Application Attribute and Identity Bridge Attribute or Literal Value columns.
  11. Click Continue to Next Step.

  12. Click Add for all user groups that should have access to UltiPro.

    Screen capture of PingOne for Enterprise Group Access page with Users@directory and Domain Administrators@directory listed in the Group Name column.
  13. Click Continue to Next Step.

  14. Download the PingOne for Enterprise signing certificate and metadata.

    Screen capture of PingOne for Enterprise Signing Certificate and SAML Metadata Download hyperlinks highlighted in red.
  15. Click Finish.

Add the PingOne for Enterprise connection to UltiPro

  1. Contact UltiPro Customer Support and request that SAML 2 be enabled for your organization.

  2. Provide them with the downloaded PingOne for Enterprise signing certificate and metadata.

  3. Request their ACS URL and EntityID values.
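Before handing the two downloaded files to UltiPro Customer Support, it is worth confirming that the signing certificate file matches the certificate embedded in the metadata and that the SSO endpoints use HTTPS. The Python below is an added example, not Ping Identity or UltiPro code; it assumes the metadata is a single SAML 2.0 EntityDescriptor document, and the function names and sample input are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def der_from_pem(text):
    """Drop PEM armor lines and whitespace, then decode the base64 body to DER."""
    lines = [ln.strip() for ln in text.splitlines()]
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")), validate=True)

def fingerprint(der):
    """SHA-256 fingerprint as colon-separated uppercase hex."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))

def summarize_idp_metadata(xml_text):
    """Extract entity ID, signing-certificate fingerprints and SSO endpoints."""
    root = ET.fromstring(xml_text)  # assumption: a single EntityDescriptor root
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    prints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # no 'use' attribute: key serves both purposes
            prints += [fingerprint(der_from_pem(c.text or ""))
                       for c in kd.iterfind(".//ds:X509Certificate", NS)]
    endpoints = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    return {"entity_id": root.get("entityID"), "signing_fingerprints": prints, "sso_endpoints": endpoints}

def check_handoff(xml_text, cert_pem):
    """Return a list of problems; an empty list means the two files agree."""
    info = summarize_idp_metadata(xml_text)
    problems = []
    if fingerprint(der_from_pem(cert_pem)) not in info["signing_fingerprints"]:
        problems.append("certificate file is not a signing certificate in the metadata")
    problems += [f"SSO endpoint is not HTTPS: {u}" for u in info["sso_endpoints"]
                 if not u.startswith("https://")]
    return problems

# Constructed sample input: placeholder bytes stand in for a certificate (not real X.509).
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}" entityID="https://idp.example.invalid/constructed">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{SAMPLE_B64}</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.invalid/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
```

For real use, pass the text of the downloaded metadata and certificate files to `check_handoff`, and keep the fingerprint from `summarize_idp_metadata` so the receiving side can confirm it holds the same certificate.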

Complete the UltiPro PingOne for Enterprise setup in UltiPro

  1. Continue editing the UltiPro entry in PingOne for Enterprise.

    If the session has timed out, complete the initial steps to the point of clicking Setup.

  2. Click Continue to Next Step.

  3. Set the ACS URL to the UltiPro ACS URL value.

  4. Set the Entity ID to the UltiPro Entity ID value.

  5. Click Continue to Next Step until you reach the final page, then click Finish.

Test the PingOne for Enterprise IdP-initiated SSO integration

  1. Go to your Ping desktop as a user with UltiPro access.

    To find the Ping desktop URL in the Admin console, go to Setup → Dock → PingOne Dock URL.

  2. Complete the PingOne for Enterprise authentication.

    You’re redirected to your UltiPro application.

    Screen capture of PingOne for Enterprise login screen.

Test the PingOne for Enterprise SP-initiated SSO integration

  1. Go to your UltiPro application.

  2. After you’re redirected to PingOne for Enterprise, enter your PingOne for Enterprise username and password.

    Screen capture of PingOne for Enterprise login screen.

    You’re redirected back to UltiPro.